<?php session_start();
error_reporting(E_ALL);
?>
<html><!-- InstanceBegin template="/Templates/template.dwt" codeOutsideHTMLIsLocked="false" -->
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<!-- InstanceBeginEditable name="doctitle" -->
<title>DrinkDelivery</title>
<!-- InstanceEndEditable -->
<link href="style.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div id="container">
<div id="login">
<img src="image/logo.jpg" width="100" height="30" align="middle">
 <p> <font size="+2" color="#FFFFFF"><a href="CU.html">                                           Contact Us</a></font></p>
<a href="logout.php"><img src="image/logout.png" align="right"></a>
<a href="login.php"><img src="image/login.png" align="right"></a> 
</div>
<div id="header">
<ul>
  <li></li>
<li><a href="store.php"><img src="image/m2.jpg" width="200" height="200"></a></li>
<li><a href="member.php"><img src="image/m3.jpg" width="200" height="200"></a></li>
<li><a href="category.php"><img src="image/m4.jpg" width="200" height="200"></a></li>
</ul>
</div>
<br/>
<div id="content">
<!-- InstanceBeginEditable name="content" -->
<div id="register">

<?php
if(isset($_SESSION['loggin'])&&$_SESSION['loggin']==1)
{
	die('You are already logged in, '.$_SESSION['username'].'.');
}
else
	if (isset($_POST['Submit']))
	{
		// step 1:connect to datebase server
		$connection = mysql_connect("localhost", "root", "");
		if ( !$connection ) {
			die('Could not connect to localhost.');	
		}
			
		// step 2: select a database
		$db = mysql_select_db("test", $connection);
		if ( !$db) {
			die ('Could not find database test.');	
		}
		
		if(!$_POST['uname'] | !$_POST['passwd']) {
        	die('You did not fill in a required field.');
    	}
		
		//authenticate
		
		if (!get_magic_quotes_gpc()) {
        	$_POST['uname'] = addslashes($_POST['uname']);
   		}

		
		$query = "SELECT name,password FROM users WHERE name =  '".$_POST['uname']."' ";
		
		$check = mysql_query($query,$connection);
		
		if(mysql_num_rows($check)==0)
		{
			die('That username does not exist in our database.');
    	}
		
		//match password
		
		$info = mysql_fetch_array($check);
		
		$_POST['passwd'] = stripslashes($_POST['passwd']);
    	$info['password'] = stripslashes($info['password']);

   		if ($_POST['passwd'] != $info['password']) {
       		 die('Incorrect password, please try again.');
   		}
		
		$_POST['uname'] = stripslashes($_POST['uname']);
    	$_SESSION['username'] = $_POST['uname'];
		$_SESSION['msg']="logged in!";
		$_SESSION['loggin']="1";
	}
?>
<h1 align="center"> <?php echo $_SESSION['msg']; ?> </h1>
<p align="center">
<a href="member.php"><input type="button" value="Detail"/></a></p>
</div>
<!-- InstanceEndEditable -->
</div>
<a href="index.php">z</a> </div>
</body>
<!-- InstanceEnd --></html>
